module.exports = function (req,res,next) {
	var sessionUserMatchesId = req.session.User.id === req.param('id');


	if(!(sessionUserMatchesId||req.session.User.admin)){
		var noRightsError =[{name: 'noRights', message: 'Tienes que ser adminstrador'}]
		req.session.flash={
			err:noRightsError
		}
		res.redirect('/session/new');
		return;
	}
	return next();
};